阻止人们已经装上多个标签我的网站 [英] Stop people having my website loaded on multiple tabs
问题描述
我希望用户从的只有的之一,他们的浏览器选项卡浏览我的网站。如何才能做到这一点?我会用JavaScript和Cookies?
例如,我有一个网站:的 www.example.com 的 - 我希望我的客户只能从一个单一的标签访问该网站在一个浏览器。如果他们打开另一个选项卡中并加载该网站(或网站的子页面) - 我要报警的无法打开多个实例的,然后将其重定向到一个错误页面
在一点要注意 - 如果用户从 www.example.com/action/door/mine.aspx 的为 WWW更改地址.example.com的的 - 应该做工精细,监守用户在相同的(原)标签
任何帮助将AP preciated。先谢谢了。
EDIT2:
这是这是在这个答案提到确切的事情,你需要的ID 2:
- 一个随机的
- 一以贯一(这将是我们SSID实际上,因为你限制单个浏览器的标签,这是更好地得到生成的表单浏览器的唯一参数)
您可以生成浏览器的用户代理相一致的一个或从服务器端获取。同时存储他们的服务器端。
存储在 window.name 属性随机的这片特定的。
发送心跳每1〜2秒,同时含有一致的ID和随机的服务器。如果服务器无法接收心跳时,清理数据库和撤销注册死的客户。
每个浏览器的请求,检查 window.name 的值。如果人失踪,请与服务器端是否如previous标签被关闭或没有(来自数据库清理)。
如果有,产生一对新的客户端,如果没有,拒绝他。
在我的脑海中前两名建议:
- 的 服务器端(更好):的提供所有的客户端,用户名和密码。要求他们在他们的网站的首次访问他们的凭据进入。然后在所有其他的要求,检查是否与所述凭据或没有登录的用户。
客户端*
|
|
服务器--->检查是否
已经登录
或不?
______________
| |
是否
| |
拒绝许可证
他他
- 的 客户端:的如果您真的需要这个强大的检查,使用的 evercookie 存储客户端机器上的
已登录的在的cookie。
边注:的不要知道在客户端的每一次尝试是不安全了!客户端应该帮助服务器端,它不应该被用作一个与安全唯一来源。 甚至evercookies可以删除所以,给我第一个建议一展身手。
修改
Evercookie真的做好在存储最安全的僵尸饼干有史以来但由于库本身就是浏览器有点重(存储cookie的时间超过100毫秒每次),这不是真的建议使用真实世界Web应用程序。
使用这些替代,如果你与服务器端的解决方案了:
I want users to browse my site from only one tab in their browser. How can this be done? Would I use javascript and cookies?
For example, I have a website: www.example.com - and I want my clients to only be able to visit the site from one single tab in one browser. If they open another tab and load the site (or a subpage of the site) - I want an alert "Can't open multiple instances", and then redirect them to an error page.
Once thing to note - if the user changes the address from www.example.com/action/door/mine.aspx to www.example.com - that should work fine, becuase the user is in the same (original) tab.
Any help will be appreciated. Thanks in advance.
EDIT2:
It's the exact thing which is mentioned at this answer, You need 2 IDs:
- One random one
- One consistent one (this will be our SSID actually, since you limit tabs of a single browser, it's better to get generated form browser's unique parameters)
You can generate consistent one from browser's user-agent or get it from server-side. store both of them server-side.
Store the random one in window.name property which is tab-specific.
Send a heartbeat every 1~2 seconds to your server containing both consistent ID and random one. if server fails to receive the heartbeat, it cleans up database and de-register dead clients.
on every browser's request, check window.name for the value. if it were missing, check with the server-side whether if the previous tab is closed or not (cleaned from database).
If yes, generate a new pair for client if no, reject him.
Two suggestions on top of my mind:
- Server-side (better): provide all your clients, a user name and password. request them on their first visit of your site to enter with their credentials. then on every other request, check for whether user with said credentials is already logged in or not.
Client *
|
|
Server ---> Check whether
Already logged
or not?
______________
| |
yes no
| |
permit reject
him him
- Client-side: If you really need a strong check of this, use evercookie to store an
already-logged-incookie on client's machine.
Side-note: Do know that every attempt in client side is not secure at all! client-side should help server-side, it shouldn't be used as the one and only source of security. even evercookies can be deleted so, give my first suggestion a go.
EDIT:
Evercookie is really doing a good job at storing most secure zombie cookies ever but since the library itself is a little bit heavy for browsers (storing a cookie takes more than 100ms each time) it's not really recommended for using in real-world web app.
use these instead if you went with server-side solution:
这篇关于阻止人们已经装上多个标签我的网站的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
